Ques 1) How to Book a Domain ?

Follow these steps for booking your Domain Name:

Step 1
In the Domain search box on the home page enter the domain name you want, select an
extension for your Domain name (e.g. .com, .net, org, .tv etc.) and start your search by clicking
on the Search button.

Step 2
The results page will next show you whether the Domain is available or not. If not available then
you will have to resume your search again. If your Domain name is available, you may proceed
to register by selecting the checkbox against the domain name you want and clicking on
Continue.

Step 3
Proceed to complete the Domain registration form.

Note: INSTALINKS.NET does not need any pre-registration, and you will directly proceeded to
a Domain registration form. Registration is absolutely free of cost. You only have to register
once on the site.

After completing and submitting the Domain registration form, you will get an order code and
will receive an email from Instalinks containing your all information pertaining to the domain
that you have booked.

Your domain will be activated within 48 hrs of receiving your payment.

Note: This email does NOT mean that your domain has been registered, it merely confirms your
order. You have to send the Cheque/Draft for the amount pertaining to the domain you have
booked to INSTALINKS for the registration of the domain.

From the day you have applied for Domain booking, Instalinks will keep it for a maximum
period of 21 days, during which you will receive reminders. After 21 days, your domain will
become available again and may be booked by someone else.
Ques 2) What is WHOIS ?

WHOIS (pronounced "who is") is an Internet database that contains information on domain
names including the name servers associated with the domain name, the domain registrar and the
Administrative, Billing and Technical contacts with postal and email addresses.
Each domain registrar maintains a WHOIS database with all contact information for the domain
names hosted on their servers. The InterNIC WHOIS database, on the other hand, is vast and has
information on all .com, .net and .org domain names.

The WHOIS is also a tool or an application which searches the domain name information
contained in WHOIS databases. It is generally used to check either the availability of a domain
name or the ownership of a domain name. The tool requires you to enter a domain name such as
webdevelopersnotes.com (without the www prefix). If the domain is available you will be
informed of the same, else, you would be displayed one or more details:

• The registrant information. Details of the person who registered the domain name
including their postal and email addresses and phone number.

• The contacts: Each domain name is associated with three contacts - Administrative,
Billing and Technical. In most cases, all the three would belong to the same person (the
registrant). Note: The technical contact might be of the company hosting the domain
name.

• The creation and expiration date of the domain name

• The name servers associated with the domain name

Ques 3) What is Cybersquatting ?

Cybersquatting (also known as domain squatting), according to the United States federal law
known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using
a domain name with bad faith intent to profit from the goodwill of a trademark belonging to
someone else. The cybersquatter then offers to sell the domain to the person or company who
owns a trademark contained within the name at an inflated price.

The term is derived from "squatting," which is the act of occupying an abandoned or unoccupied
space or building that the squatter does not own, rent or otherwise have permission to use.
Cybersquatting, however, is a bit different in that the domain names that are being "squatted" are
(sometimes but not always) being paid for through the registration process by the cybersquatters.
Cybersquatters usually ask for prices far greater than that at which they purchased it. Some
cybersquatters put up derogatory remarks about the person or company the domain is meant to
represent in an effort to encourage the subject to buy the domain from them. Others post paid
links via Google, Yahoo, Ask.com and other paid advertising networks to the actual site that the
user likely wanted, thus monetizing their squatting. Some argue that the dividing line of

Cybersquatting is one of the most loosely used terms related to domain name intellectual
property law and is often incorrectly used to refer to the sale or purchase of generic domain
names.

Cybersquatting (also known as domain squatting), according to the United States federal law
known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using
a domain name with bad faith intent to profit from the goodwill of a trademark belonging to
someone else. The cybersquatter then offers to sell the domain to the person or company who
owns a trademark contained within the name at an inflated price.

The term is derived from "squatting," which is the act of occupying an abandoned or unoccupied
space or building that the squatter does not own, rent or otherwise have permission to use.
Cybersquatting, however, is a bit different in that the domain names that are being "squatted" are
(sometimes but not always) being paid for through the registration process by the cybersquatters.
Cybersquatters usually ask for prices far greater than that at which they purchased it. Some
cybersquatters put up derogatory remarks about the person or company the domain is meant to
represent in an effort to encourage the subject to buy the domain from them.[citation needed] Others
post paid links via Google, Yahoo, Ask.com and other paid advertising networks to the actual
site that the user likely wanted, thus monetizing their squatting
Ques 4) What is Pretty Good Privacy ?

Pretty Good Privacy (PGP) : It is a computer program that

provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and
decrypting e-mails to increase the security of e-mail communications.

How PGP Works ?

PGP encryption uses a serial combination of hashing, data compression, symmetric-key

cryptography, and, finally, public-key cryptography; each step uses one of several
supported algorithms. Each public key is bound to a user name and/or an e-mail address. The
first version of this system was generally known as a web of trust to contrast with
the X.509 system which uses a hierarchical approach based on certificate authority and which
was added to PGP implementations later. Current versions of PGP encryption include both
options through an automated key management server.
Compatibility
As PGP evolves, PGP systems that support newer features and algorithms are able to create
encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Thus,
it is essential that partners in PGP communication understand each other's PGP capabilities or at
least agree on PGP settings.
Digital signatures
PGP supports message authentication and integrity checking. The latter is used to detect whether
a message has been altered since it was completed (the message integrity property), and the
former to determine whether it was actually sent by the person/entity claimed to be the sender
(a digital signature). In PGP, these are used by default in conjunction with encryption, but can be
applied to plaintext as well. The sender uses PGP to create a digital signature for the message
with either the RSA or DSA signature algorithms. To do so, PGP computes a hash (also called
a message digest) from the plaintext, and then creates the digital signature from that hash using
the sender's private keys.
Web of trust
Both when encrypting messages and when verifying signatures, it is critical that the public key
used to send messages to someone or some entity actually does 'belong' to the intended recipient.
Simply downloading a public key from somewhere is not overwhelming assurance of that
association; deliberate (or accidental) impersonation is possible. PGP has, from its first versions,
always included provisions for distributing a user's public keys in an 'identity certificate' which is
so constructed cryptographically that any tampering (or accidental garble) is readily detectable.
But merely making a certificate which is impossible to modify without being detected effectively
is also insufficient. It can prevent corruption only after the certificate has been created, not
before. Users must also ensure by some means that the public key in a certificate actually does
belong to the person/entity claiming it. From its first release, PGP products have included an
internal certificate 'vetting scheme' to assist with this; a trust model which has been called a web
of trust. A given public key (or more specifically, information binding a user name to a key) may
be digitally signed by a third party user to attest to the association between someone (actually a
user name) and the key. There are several levels of confidence which can be included in such
signatures. Although many programs read and write this information, few (if any) include this
level of certification when calculating whether to trust a key.
Ques 5) What do you mean by Digital Signature ?

(Bob's public key)

Bob
(Bob's private key)

Bob has been given two keys. One of Bob's keys is called a Public Key, the other is called a
Private Key.

Bob's Co-workers:

Anyone can get Bob's

Public Key, but Bob
keeps his Private Key
to himself
Pat Doug Susan

Bob's Public key is available to anyone who needs it, but he keeps his Private Key to himself.
Keys are used to encrypt information. Encrypting information means "scrambling it up", so that
only a person with the appropriate key can make it readable again. Either one of Bob's two keys
can encrypt data, and the other key can decrypt that data.

Susan (shown below) can encrypt a message using Bob's Public Key. Bob uses his Private Key
to decrypt the message. Any of Bob's coworkers might have access to the message Susan
encrypted, but without Bob's Private Key, the data is worthless.

HNFmsEm6Un
"Hey Bob, how
BejhhyCGKOK
about lunch at
JUxhiygSBCEiC
Taco Bell. I
0QYIh/Hn3xgiK
hear they have
BcyLK1UcYiY
free refills!"
lxx2lCFHDC/A
HNFmsEm6Un
"Hey Bob, how
BejhhyCGKOK
about lunch at
JUxhiygSBCEiC
Taco Bell. I
0QYIh/Hn3xgiK
hear they have
BcyLK1UcYiY
free refills!"
lxx2lCFHDC/A
With his private key and the right software, Bob can put digital signatures on documents and
other data. A digital signature is a "stamp" Bob places on the data which is unique to Bob, and is
very difficult to forge. In addition, the signature assures that any changes made to the data that
has been signed can not go undetected.

To sign a document, Bob's software will crunch down the data into just a few lines by
a process called "hashing". These few lines are called a message digest. (It is not
possible to change a message digest back into the original data from which it was
created.)

Bob's software then encrypts the message digest with his private key. The result is the digital
signature.

Finally, Bob's software appends the digital signature to document. All of the data that was
hashed has been signed.
Bob now passes the document on to Pat.

First, Pat's software decrypts the signature (using Bob's public key) changing it back
into a message digest. If this worked, then it proves that Bob signed the document,
because only Bob has his private key. Pat's software then hashes the document data
into a message digest. If the message digest is the same as the message digest created
when the signature was decrypted, then Pat knows that the signed data has not been
changed.
Plot complication...
Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat
receives a signed message and a public key that appears to belong to Bob.
Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bob's name.
Short of receiving Bob's public key from him in person, how can Pat be sure that
Bob's public key is authentic?

It just so happens that Susan works at the company's certificate authority center. Susan can create
a digital certificate for Bob simply by signing Bob's public key as well as some information
about Bob.

Bob Info:
Name
Department
Cubical Number

Certificate Info:
Expiration Date
Serial Number

Bob's Public Key:

Now Bob's co-workers can check Bob's trusted certificate to make sure that his public key truly
belongs to him. In fact, no one at Bob's company accepts a signature for which there does not
exist a certificate generated by Susan. This gives Susan the power to revoke signatures if private
keys are compromised, or no longer needed. There are even more widely accepted certificate
authorities that certify Susan.

Let's say that Bob sends a signed document to Pat. To verify the signature on the document, Pat's
software first uses Susan's (the certificate authority's) public key to check the signature on Bob's
certificate. Successful de-encryption of the certificate proves that Susan created it. After the
certificate is de-encrypted, Pat's software can check if Bob is in good standing with the certificate
authority and that all of the certificate information concerning Bob's identity has not been
altered.

Pat's software then takes Bob's public key from the certificate and uses it to check Bob's
signature. If Bob's public key de-encrypts the signature successfully, then Pat is assured that the
signature was created using Bob's private key, for Susan has certified the matching public key.
And of course, if the signature is valid, then we know that Doug didn't try to change the signed
content.
Ques 6) Explain the concept of Digital certificate ?

Digital Certificates are the electronic counterparts to driver licenses, passports and membership
cards. You can present a Digital Certificate electronically to prove your identity or your right to
access information or services online.

Digital Certificates, also known as digital certificates, bind an identity to a pair of electronic keys
that can be used to encrypt and sign digital information. A Digital Certificate makes it possible to
verify someone's claim that they have the right to use a given key, helping to prevent people
from using phony keys to impersonate other users. Used in conjunction with encryption, Digital
Certificates provide a more complete security solution, assuring the identity of all parties
involved in a transaction.

A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private
key.

A Digital Certificate typically contains the:

• Owner's public key

• Owner's name
• Expiration date of the public key
• Name of the issuer (the CA that issued the Digital Certificate
• Serial number of the Digital Certificate
• Digital signature of the issuer

The most widely accepted format for Digital Certificates is defined by the CCITT X.509
international standard; thus certificates can be read or written by any application complying with
X.509. Further refinements are found in the PKCS standards and the PEM standard.
Return to top of page.

What are Digital Certificates used for?

Digital Certificates can be used for a variety of electronic transactions including

e-mail, electronic commerce, groupware and electronic funds transfers. Netscape's popular
Enterprise Server requires a Digital Certificate for each secure server.

For example, a customer shopping at an electronic mall run by Netscape's server software
requests the Digital Certificate of the server to authenticate the identity of the mall operator and
the content provided by the merchant. Without authenticating the server, the shopper should not
trust the operator or merchant with sensitive information like a credit card number. The Digital
Certificate is instrumental in establishing a secure channel for communicating any sensitive
information back to the mall operator.
Ques 7) Explain the terms :

• Computer virus

• Antivirus

• Malware

• Trojan horse

• Worm

• Zombies

• Botnet

Computer Virus : A computer virus is a small software program that spreads from one
computer to another computer and that interferes with computer operation. A computer virus
may corrupt or delete data on a computer, use an e-mail program to spread the virus to other
computers, or even delete everything on the hard disk.

Computer viruses are most easily spread by attachments in e-mail messages or by instant
messaging messages. Computer viruses can be disguised as attachments of funny images,
greeting cards, or audio and video files. Computer viruses also spread by using downloads on the
Internet. Computer viruses can be hidden in pirated software or in other files or programs that
you may download.

Symptoms of a computer virus

If you suspect or confirm that your computer is infected with a computer virus, obtain the current
antivirus software. The following are some primary indicators that a computer may be infected:

• The computer runs slower than usual.

• The computer stops responding, or it locks up frequently.
• The computer crashes, and then it restarts every few minutes.
• The computer restarts on its own. Additionally, the computer does not run as usual.
• Applications on the computer do not work correctly.
• You see unusual error messages.
• There is a double extension on an attachment that you recently opened, such as a .jpg,
.vbs, .gif, or .exe. extension.
 • An antivirus program is disabled for no reason. Additionally, the antivirus program
cannot be restarted.
• An antivirus program cannot be installed on the computer, or the antivirus program will
not run.

To remove a computer virus, follow these steps:

1. Install the latest updates from Microsoft Update on the computer.

2. Update the antivirus software on the computer. Then, perform a thorough scan of the
computer by using the antivirus software.
3. Download, install, and then run the Microsoft Malicious Software Removal Tool to
remove existing viruses on the computer. To download the Malicious Software Removal
Tool, visit the following Microsoft Web site:

http://www.microsoft.com/security/malwareremove/default.mspx

How to protect your computer against viruses

To protect your computer against viruses, follow these steps:

1. On the computer, turn on the firewall.

2. Keep the computer operating system up-to-date.
3. Use updated antivirus software on the computer. Use updated antispyware software on
the computer.

Malware : Malware, short for malicious software, is software designed to infiltrate a

computer system without the owner's informed consent. Software is considered malware
based on the perceived intent of the creator rather than any particular features. Malware
includes computer viruses, worms, Trojan horses, most root kits, spyware, dishonest
adware, crime ware and other malicious and unwanted software.

How Do You Know

• Malware works to remain unnoticed, either by actively hiding or by simply not making
its presence on a system known to the user
What To Do

• Only open email or IM attachments that come from a trusted source and that are expected
• Have email attachments scanned by Norton Internet Security prior to opening
• Delete all unwanted messages without opening
• Do not click on Web links sent by someone you do not know
• If a person on your Buddy list is sending strange messages, files, or web site links,
terminate your IM session
• Scan all files with an Internet Security solution before transferring them to your system
• Only transfer files from a well known source
• Use Norton Internet Security to block all unsolicited outbound communication
• Keep security patches up to date

Trojan horse : A Trojan horse (sometimes shortened to trojan), is non-self-replicating

malware that appears to perform a desirable function for the user but instead facilitates
unauthorized access to the user's computer system. The term is derived from the Trojan
Horse story in Greek mythology.
Purpose and operation

Trojan horses are designed to allow a hacker remote access to a target computer system. Once a
Trojan horse has been installed on a target computer system, it is possible for a hacker to access
it remotely and perform various operations. The operations that a hacker can perform are limited
by user privileges on the target computer system and the design of the Trojan horse.

Operations that could be performed by a hacker on a target computer system include:

• Use of the machine as part of a botnet (i.e. to perform spamming or to perform

Distributed Denial-of-service (DDoS) attacks)
• Data theft (e.g. passwords, credit card information, etc.)
• Installation of software (including other malware)
• Downloading or uploading of files
• Modification or deletion of files
• Keystroke logging
• Viewing the user's screen
• Wasting computer storage space

Trojan horses require interaction with a hacker to fulfill their purpose, though the hacker need
not be the individual responsible for distributing the Trojan horse. In fact, it is possible for
hackers to scan computers on a network using a port scanner in the hope of finding one with a
Trojan horse installed, that the hacker can then use to control the target computer.

A trojan differs from a virus in that only a file specifically designed to carry it can do so.
Computer worm :A computer worm is a self-replicating computer program. It uses a
computer network to send copies of itself to other nodes (computers on the network) and it
may do so without any user intervention. This is due to security shortcomings on the target
computer. Unlike a virus, it does not need to attach itself to an existing program. Worms
almost always cause at least some harm to the network, if only by consuming bandwidth,
whereas viruses almost always corrupt or modify files on a targeted computer.

Computer worms are programs that reproduce, execute independently and travel across the
network connections. The key difference between a virus and worm is the manner in which it
reproduces and spreads. A virus is dependent upon the host file or boot sector, and the transfer of
files between computers to spread, whereas a computer worm can execute completely
independently and spread on its own accord through network connections.

Zombies : A zombie computer (often shortened as zombie) is a computer connected to the

Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a
compromised machine is only one of many in a botnet, and will be used to perform malicious
tasks of one sort or another under remote direction. Most owners of zombie computers are
unaware that their system is being used in this way. Because the owner tends to be unaware,
these computers are metaphorically compared to zombies.

Zombies can be used to conduct distributed denial-of-service attacks, a term which refers to the
orchestrated flooding of target websites by armies of zombie computers. The large number of
Internet users making simultaneous requests of a website's server are intended to result in
crashing and the prevention of legitimate users from accessing the site.[3] A variant of this type of
flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies,
distributed degradation-of-service is the moderated and periodical flooding of websites, done
with the intent of slowing down rather than crashing a victim site. The effectiveness of this tactic
springs from the fact that intense flooding can be quickly detected and remedied, but pulsing
zombie attacks and the resulting slow-down in website access can go unnoticed for months and
even years.
Botnet : The Storm botnet or Storm worm botnet (not to be confused with StormBot, a
TCL script that is not malicious) is a remotely controlled network of "zombie" computers (or
"botnet") that has been linked by the Storm Worm, a Trojan horse spread through e-mail spam.

The Storm botnet has been used in a variety of criminal activities. Its controllers and the authors
of the Storm Worm have not yet been identified. The Storm botnet has displayed defensive
behaviors that indicated that its controllers were actively protecting the botnet against attempts at
tracking and disabling it. The botnet has specifically attacked the online operations of some
security vendors and researchers who attempted to investigate the botnet.

Ques 8) Description of vulnerable sites.

Firefox tops list of 12 most vulnerable apps

Mozilla’s flagship Firefox browser has earned the dubious title of the most vulnerable software
program running on the Windows platform.

According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed
desktop applications that suffered through critical security vulnerabilities in 2008. These flaws
exposed millions of Windows users to remote code execution attacks.

The other applications on the list are all well-known and range from browsers to media players,
to VOIP chat and anti-virus software programs. Here’s Bit9’s dirty dozen:

1. Mozilla Firefox: In 2008, Mozilla patched 10 vulnerabilities that could be used by

remote attackers to execute arbitrary code via buffer overflow, malformed URI links,
documents, JavaScript and third party tools.
2. Adobe Flash and Adobe Acrobat: Bit9 listed 14 flaws patched this year that exposed
desktops of arbitrary remote code execution via buffer overflow,“input validation issues”
and malformed parameters.
3. EMC VMware Player,Workstation and other products: A total of 10 bugs
introduced risks ranging from privilege escalation via directory traversal, ActiveX buffer
overflows leading to arbitrary code execution and denial of service.
4. Sun Java JDK and JRE, Sun Java Runtime Environment (JRE):
Inability to prevent execution of applets on older JRE release could allow remote
attackers to exploit vulnerabilities of these older releases. Buffer overflows allowing
creation, deletion and execution of arbitrary files via untrusted applications. 10 patched
vulnerabilities listed.
5. Apple QuickTime, Safari and iTunes: In QuickTime, the list includes nine
vulnerabilities that allow remote attackers to execute arbitrary code via buffer overflow,
or cause a denial of service (heap corruption and application crash) involving malformed
media files, media links and third party codecs. The Safari for Windows browser was
haunted by three flaws that could be lead to arbitrary code execution and denial of
 service involving JavaScript arrays that trigger memory corruption. Apple’s iTunes
software was susceptible to a remote improper update verification that allowed man-in-
the-middle attacks to execute arbitrary code via a Trojan horse update.
6. Symantec Norton products (all flavors 2006 to 2008): Stack-based buffer overflow in
the AutoFix Support Tool ActiveX exposed Windows users to arbitrary code execution.
7. Trend Micro OfficeScan: A total of four stack-based buffer overflows that opened doors
for remote attackers to execute arbitrary code.
8. Citrix Products: Privilege escalation in DNE via specially crafted interface requests
affects Cisco VPN Client, Blue Coat WinProxy, SafeNet SoftRemote and
HighAssurance Remote. Search path vulnerability, and buffer overflow lead to arbitrary
code execution.
9. Aurigma Image Uploader, Lycos FileUploader: Remote attackers can perform remote
code execution via long extended image information.
10. Skype: Improper check of dangerous extensions allows user-assisted remote attackers to
bypass warning dialogs.Cross-zone scripting vulnerability allows remote attackers to
inject script via Internet Explorer web control.
11. Yahoo Assistant: Remote attackers can execute arbitrary code via memory corruption.
12. Microsoft Windows Live (MSN) Messenger: Remote attackers are allowed to control
the Messenger application, “change state,” obtain contact information and establish audio
or video connections without notification.
Ques 9) What do you mean by Antivirus ?

Anti-virus software is used to identify and remove viruses in computers and many other types
of harmful computer software. The first antivirus software was designed exclusively to combat
computer viruses but now a days modern antivirus software can protect computer systems
against a wide range of Trojans, malware, worms, phishing attacks, and rootkits.

There are many methods which antivirus software can be used to identify malware; it depends
on the software we use.

Signature based detection

Malicious activity detection
Heuristic-based detection

Signature based detection is the most common method used by antivirus software to identify
malware. Normally to identify malware and viruses antivirus software compares the content of
the file to a dictionary of virus signatures. As viruses can embed themselves in existing files the
entire file is searched in pieces not just as a whole.

Malicious activity detection is the other method used to identify malware. In this method
antivirus software monitors the system for suspicious program behavior. If any suspicious
behavior is detected the suspect program may be further investigated using signature based
detection, this type of malicious activity detection can be used to identify unknown viruses.

Heuristic-based detection is the method used by more advanced antivirus software, Heuristics
method can be used to identify unknown viruses. This process has two approaches file analysis
and file emulation. In file analysis approach if a program has instructions to format the D drive,
anti virus software might further investigate the file. File analysis is the process of searching a
suspect file for virus like instructions. File emulation approach involves executing a program in a
virtual environment and logging what actions the program performs
Symantec Antivirus has lot of protection features, including infected file quarantine, online
virus protection updates, and an automatic scheduler. Symantec Antivirus is designed to start
running as soon as your computer's operating system starts. It runs in the background, checking
all vulnerable files for possible infection by mischievous, sometimes malevolent, programs
called viruses and worms. Symantec Antivirus does this by looking for the identifying
signatures of these worms and viruses and comparing them to known viruses for which it has
files. When it detects an infected file, it notifies you and manages the infection according to your
preferences.

Symantec Antivirus Download Link

GDATA Antivirus 2009 (formerly Antivirus Kit Improved protection against viruses, worms,
rootkits, spyware, diallers, trojans, backdoors and much more. Virus blocker for instant
messaging (MSN, Yahoo, AOL, etc.) is also there.

GDATA Antivirus 2009 Download Link

The Shield Pro 2009™ provides essential virus protection from viruses, hackers, and privacy
threats. Powerful yet easy to use, protect yourself, your family, and your PC online with The
Shield Pro 2009™. The Shield Pro 2009™ gives you 1 year of protection and PCSecurityShield
gives you all the free technical support you need to successfully protect yourself. The Shield Pro
now comes with Easy Installer, to make download and installation simpler than ever before.

The Shield Pro 2009 Antivirus Download Link

Dr.Web Anti-virus scanner This is a FREE anti-virus and anti-spyware utility based on Dr.Web
Anti-virus scanner, which will help you quickly scan and cure, if necessary, a computer
operated by MS Windows 95OSR2/ 98/Me/NT 4.0/2000/XP/2003/Vista without installation of
the Dr.Web Anti-virus.

Dr.Web Antivirus Download Link

eScan Antivirus is an effective virus protection software designed and developed to protect your
computers from threats like Viruses, Spyware, Adware, Malware, Keyloggers and Hackers.

eScan Antivirus Download Link

The Shield Pro 2009™ provides essential virus protection from viruses, hackers, and privacy
threats. When a virus breaks out, The Shield Pro 2009™ will provide a patch within 2-3 hours
and a fix for the virus within 5 hours.

Ques 10) Describe some vulnerable sites.

Adobe Reader

This year's Most hacked software belongs to (no

not Microsoft) Adobe. Adobe Inc's popular
software Adobe Reader is the most hacked
software of the year. Security firm iDefense
reportedly tracked as many as 45 bugs in the
Adobe Reader programme this year. The
number is up from 14 in 2008 and seven in
2007.

Security experts feel that Reader being a

universally used programme makes it highly
vulnerable. Also, its complex code base offers a
high risk of flaws.
Internet Explorer

At No. 2 on the Most Hacked Software list is

Microsoft's Internet Explorer. Little surprising that the
browser with majority marketshare (almost 65%) is hot
on hackers and scammers target list. According to the
news report, IE's complex code base with no shortage of
bugs helps hackers.

Security researchers found 30 bugs in IE this year,

almost the same number as last year and way down
from 49 found in 2007.
Mozilla Firefox

The open source browser Mozilla Firefox is the year

2009's third Most Hacked Software. Closest rival to
Internet Explorer with approximately 25%
marketshare, recorded an increase in vulnerabilities
this year.

Researchers and cybercriminals found as many as 102

bugs in Firefox this year, an increase of 12 bugs vi-a-
vis last year's 90 bugs. Wondering what makes its
more vulnerable than IE which showed 30 bugs?
Remember, the two cannot be compared directly as
Firefox is an open-source programme and Mozilla
publicly reveals all its bug finds.
Adobe Flash

At No. 4 on the Most Hacked Software list is

Adobe's popular design software Flash,
commonly used for viewing animations and
movies. The report found 11 vulnerabilities in
the programme this year, down 8 from 19 last
year.

According to the report, the vulnerabilities pose

a potential danger as the software used for
viewing videos and animation requires no
interaction with the user to infect the machine
with malicious software.
Apple Quicktime

Next on the hit-list of hackers is Apple

Quicktime, a multimedia framework used for
handling various formats of digital video, media
clips, sound, text, animation and music. Though
Apple talks about immunity from bugs in its
machines, however, security experts feel that
relative security comes from its low
marketshare and not careful coding.

According to the report, 26 bugs were found in

Quicktime in 2009, down 10 from 36 found in
2008. The number looks high compared to
mere 3 found in Windows Media Player.
Microsoft Office

At No. 6 is another Microsoft software,

Microsoft Office. IDefense tracked 41 bugs in
Microsoft's popular suite of apps in 2009, down
from 44 in 2008. According to the report,
hackers many a times use Microsoft Office
applications like PowerPoint, Excel or Word
document to plant malicious code
Windows

Another Microsoft software on Most Hacked Software

list is at no. 7. The company's Windows-based
operating system continue to be top on hackers radar.
Experts believe that the fact that Windows
vulnerabilities can be exploited without a user actually
doing anything makes the software hacker-prone.

For example the Conficker worm spread to over 7

million PCs last year without requiring a user to visit a
website, or open an attachment or actually do anything
else, other than just leave their computers running.